JBoss EJB Security with credentials from database

I've succesfully deployed an EJB on my JBoss 5.0.1 (including a MySQL datasource for EntityManager). Now I have one last problem before I can start really implementing the business logic itself: Security. I need to use credentials stored in a database (as the users may change every once in a while it doesn't seem like a good idea storing them in a config file) and I would like to use the JBoss EJB Security features. I've done a google search, but I didn't really find a good tutorial on how to do the database-based security check... It would be really great if someone could give me a little shove in the right direction...

Thanks in advance,

Flo

Florian Schaetz
Greenhorn

Joined: Oct 14, 2009
Posts: 18

posted Mar 24, 2010 15:12:39

0

Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?). And I noticed that this was the wrong subforum anyway (sorry for that).

Florian Schaetz wrote:Ok, after searching a while longer, I found enough hints on how to use the DatabaseServerLoginModule (Am I the only one who thinks that the whole xml-configuration thing is much more time-consuming than the actual coding?).

In /server/default/conf/login-config.xml (or something else, if you don't use default), a new application-policy must be added:

DatabaseServerLoginModule tells JBoss to search for the passwords and roles in the database, dsJndiName tells it, what Datasource to use, the both queries must return a password and the roles. The 'Roles' in the second queries has to be there for JBoss.

In the Application, one can use @SecurityDomain("mysqlLogin") for the bean and @RolesAllowed( { "Role1", "Role1" }) for methods or the whole class. It is also possible to ask for the roles by adding...

In the EJB, the sessionContext can be asked sessionContext.isCallerInRole("Role1") for example. Suprisingly, that's pretty much everything I needed (at least, to get it started, of course the possibilities are nearly endless).